Tens of thousands scammed using fake Android cryptomining apps


Level 84
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout.

The 172 paid Android applications, tracked as two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the cybercriminals to victims as providing cloud cryptocurrency mining services.

Twenty-five of these fake apps were available in the Google Play Store, while those sold on third-party app stores could be side-loaded by victims on their Android devices.
"These apps were able to fly under the radar because they don’t actually do anything malicious," Lookout mobile app security researcher Ioannis Gasparis said.
"They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist."
A list of all BitScam and CloudScam apps, indicators of compromise (IOCs), additional technical details, and info on the number of Play Store installs per app are available in the Lookout report.